Re: tls ssl ftp connection over iptables
Greetings!
On Sun, 25 Apr 2004 14:17:45 +0200 Bastien Rocheron
<bastien.rocheron@free.fr> wrote:
> I have an iptables packet filter which does its job well, but when I
> decide to allow only TLS connections over the FTP server, people can
> connect to the server in active mode because I told the packet
> filter to let everything come through the FTP port, but just after the
> connection is made it hangs and nothing more happens. I suppose it's
> because of the data port, which is given randomly, and this one is
> encrypted, so the packet filter gets mad about it and drops the packets.
The FTP-conntrack can't look into the control channel and thus cannot
detect which data port will be used - thus no data port is ever opened.
One workaround would be to allow all outgoing connections and use
PASSIVE FTP...
Bye
Volker Tanger
ITK Security
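As an added illustration (not part of Volker's reply or the original thread), the following shell script shows the server-side counterpart of the workaround above: since nf_conntrack_ftp cannot read the port announced inside a TLS-encrypted control channel, the FTP daemon is pinned to a fixed passive port range and iptables opens exactly that range statically. The port range 50000-50100 and the interface name eth0 are assumed values; the script prints the rules for review rather than applying them.

```shell
#!/bin/sh
# Added example, not from the list post. Server-side iptables rules for FTPS
# when nf_conntrack_ftp cannot parse the TLS-encrypted control channel, so
# the data ports must be opened statically. Assumes the FTP daemon is pinned
# to the hypothetical passive port range 50000-50100 on interface eth0.

# Validate a passive range: both ends numeric, ordered, and within the
# unprivileged port space. Returns 0 when sane, 1 otherwise.
check_pasv_range() {
    min=$1
    max=$2
    for n in "$min" "$max"; do
        case "$n" in
            ''|*[!0-9]*) return 1 ;;
        esac
    done
    [ "$min" -ge 1024 ] && [ "$min" -le "$max" ] && [ "$max" -le 65535 ]
}

# Print the rule set instead of applying it, so it can be reviewed first
# (pipe the output to `sh` on the firewall host to load it).
ftps_rules() {
    min=$1
    max=$2
    iface=$3
    check_pasv_range "$min" "$max" || return 1
    cat <<EOF
# Control channel (AUTH TLS is negotiated inside this connection).
iptables -A INPUT  -i $iface -p tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $iface -p tcp --sport 21 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Passive data channels: the client opens these, so allow NEW inbound
# only on the pinned range; all other ports stay closed.
iptables -A INPUT  -i $iface -p tcp --dport $min:$max -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $iface -p tcp --sport $min:$max -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Constructed usage: emit the rules for the assumed range and interface.
ftps_rules 50000 50100 eth0
```

The range check matters because a typo such as a reversed or privileged range would silently produce rules that open nothing useful or far too much; the daemon's configured passive range and the firewall's opened range must match exactly, or passive transfers hang just like the active ones described in the thread.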